
Unable to UEFI/iPXE boot to Kace to capture

Good morning all,

Management took me off of Kace administration and development close to a year ago. Now they are asking me to go back to it. As a result of being off the box for all this time, my box is outdated, as are my images. I am now also very rusty.

Environment:
Network type: Kacevlan
K1: 7.0.121306 (VM)
K2: 4.1.182 (VM)

Network type: uservlan
PCs, printers, medical devices, and the rest of our normal staff devices

When I last left Kace development in early 2017, I was jumping into UEFI partitioning and running that whole gamut of figuring out how to get all that to work, configuring my DHCP server, etc. At that time, we were still using physical kboxes and they were on the same vlan as all our other devices. Our DHCP server handled IP requests and forwarded PXE requests to our K2. Then we had a security scare with our K2, both devices were converted to VM and moved onto their own vlan, where they reside now and have for some time.

Deployment across vlans is fine for images, software, scripts, policy, etc. That's all fine and dandy.
When we moved our devices to another vlan, however, capturing broke and it took a little while to figure out the whole "cannot capture across vlans" limitation. My work-around was to have a data port installed nearby, configure it for our kacevlan, and just turn on the K2 DHCP server when I want to capture a new image I'm working on.

Somewhere in this time frame, all our incoming Dell devices were configured for UEFI whereas all our images were set for Legacy, which meant we had to boot up our machines, reconfigure the BIOS for legacy, boot to Kace, image, etc. To cut down some of that work, I began looking into UEFI imaging and with much help here in the forums and a lot of trial and error, I was able to configure a sysprepped machine to iPXE boot into my K2, capture all the UEFI partitions, and redeploy it back down. I had it working, but it wasn't quite ready for primetime but then that's about when I got removed from my Kace admin position.

Here we are, and they want me to go back to it. 
I'm using a Dell 3020, I've installed Windows 10 v1709 x64 with default UEFI partitions.
The machine is wired to the K2 vlan.
Secureboot is off, Legacy boot is off, UEFI network stack is enabled with PXE.
DHCP is turned on at the K2 when preparing to capture.
I boot to UEFI IPv4 and it confirms media present, downloads a file, starts to run iPXE, and then drops me back at the setup screen for the computer, as if I pressed F12 during boot.

I thought I had asked this and had it answered previously, so I tried to review all my submitted questions but did not see it here. Searching it on IT Ninja is kind of leading me on a wild-goose chase, so what I'm looking for is my basic checklist for:

A: what I need to do client side to my image when building it before capturing. I think I'm already good there, but just in case, any suggestions are always appreciated here.
B: Server side: do I need a new boot environment, considering it worked before and we haven't changed anything server side since it last worked?

I have the Win10 1709 ISO, the Win10 ADK, the Dell KBE creator, and the KBE manipulator at my disposal; I'm just not sure where to look and what common areas to refresh my knowledge of.

Any helpful hints are greatly, greatly appreciated.

Thank you,

-- Ray




Comments:
  • -Legacy Images cannot be deployed to UEFI devices. You will need to capture UEFI Images following this KB article:
    https://support.quest.com/kace-systems-deployment-appliance/kb/186950

    -If Windows "was born" in a Legacy environment, please don't change the BIOS to UEFI and try to capture a UEFI partition, you need to:
    1-Make sure the BIOS is set to UEFI
    2-Install Windows fresh and make sure the GPT exists, you can do this via DISKPART, this will confirm you have a true UEFI Image.
    3-Customize your stuff
    4-Sysprep Windows
    5-Capture Letters C and S with the KBE

    -UEFI images WILL have two partitions, C: containing the OS, and S: containing the boot files and the GPT partition.

    -You should be able to capture and deploy across VLANs with both External and Internal DHCP, I would suggest checking Switches configuration, routers, firewall, traffic shaping maybe?

    -Make sure Secure Boot is disabled in the BIOS
    In fact a typical UEFI boot should look like this:
    https://ibb.co/fvvdK6

    See: Boot Mode is Set to UEFI
    Secure boot is disabled
    Make sure you are booting via the UEFI boot NIC not the legacy

    -Create a new KBE with that 1709, Quest updated the PE10 driver pack a month ago:
    https://support.quest.com/kace-systems-deployment-appliance/kb/184391
    https://support.quest.com/download-install-detail/6082977

    -Make sure the computer in question is using the newest BIOS version available.

    -UEFI Boot Delay should be 20 seconds, in Settings > General Settings.

    -Have you tried with any other model and see if the UEFI PXE is working? - Channeler 6 years ago
    • 1. This latest image was installed on an Optiplex 3020 that was set in the BIOS for UEFI.
      2. During install, Windows created four partitions, as opposed to the two I would see if I were installing in Legacy.
      3. My UEFI boot looks just like your linked image and I am booting UEFI: IPv4
      4. Created a new KBE and tried to boot it right before submitting my question.

      Problem is I can't even *get* to Kace to capture, when booting iPXE. On UEFI boot, on the kace vlan, with DHCP enabled on my kbox, I get:

      Checking media presence...
      Media present...
      Downloading NBP file...
      Succeed to download NBP file.
      iPXE initialising devices....ok
      iPXE 1.0.0 (aa4b0) -- Open Source Network Boot Firmware -- http://ipxe.org
      Features: DNS HTTP TFTP EFI Menu
      Configuring (net0 [and a MAC address])...

      And then it just drops me back to the F12 boot menu. Happens every time.

      I switch to legacy and boot my NIC, I'll get to my kbox just fine but then I only see C:\, and not C:\ and S:\.

      I had been under the impression that we could not capture across vlans, and came to that understanding when we first started to image and create netboot environments for OSX. - rskwire 6 years ago
      • For MAC OSX you cannot capture across VLANS, it is written in the Administrator's Guide

        For Windows that is fine and it should be possible.

        Are you getting that
        "Downloading NBP file...
        Succeed to download NBP file", with any other model???? a Laptop or Desktop you could use for testing.

        Anyway I don't recall seeing something like this with DELL, LENOVO and VM UEFI PXE boot, so something is not right.... Do you get that one even when using the K2 as the DHCP for that computer?

        Maybe multiple DHCPs on the same subnet.... mmmmmm Could you confirm if on that subnet, there is only one DHCP running? (either the K2 DHCP or your Win Server DHCP).

        Again, try with another model or brand, and make sure the BIOS is up to date.

        Windows Media (Volume License, not OEM), will create a couple of partitions, but when booting with a KBE you should see C and S, if you only see C, you will need to go to Recovery Options on the KBE, open CMD, DISKPART and assign the letter S to the only FAT32 partition there.
        --This is only for UEFI Imaging-- - Channeler 6 years ago
      • I'm going to try with a 9010 AIO now and install Win10 Enterprise v1709.

        No matter how I tried before with my 3020 desktop, I couldn't get to Kace using UEFI IPv4. This all worked previously, that much I know.

        If it doesn't work with this other PC, I'll start talking to my network admin again. He helped me previously making sure everything on his end was configured properly, so we've been down this road already.

        Thanks again, and so far, for your help and suggestions. - rskwire 6 years ago
      • OK. I'm in with the 9010 AIO. Really weird, but, I knew it used to work and should work again. - rskwire 6 years ago
    • iPXE is a standard, if a machine is capable of reading iPXE requests, it should work...

      I was asking you to try with another one, because here we have two machines that won't iPXE to UEFI at all, out of more than 15 different models.

      Those two will only work in legacy ipxe. - Channeler 6 years ago

Answers (1)

Posted by: Channeler 6 years ago
For MAC OSX you cannot capture across VLANS, it is written in the Administrator's Guide

For Windows that is fine and it should be possible.

Are you getting that 
"Downloading NBP file...
Succeed to download NBP file", with any other model???? a Laptop or Desktop you could use for testing.

Anyway I don't recall seeing something like this with DELL, LENOVO and VM UEFI PXE boot, so something is not right.... Do you get that one even when using the K2 as the DHCP for that computer?

Maybe multiple DHCPs on the same subnet.... mmmmmm Could you confirm if on that subnet, there is only one DHCP running? (either the K2 DHCP or your Win Server DHCP).

Again, try with another model or brand, and make sure the BIOS is up to date.

Windows Media (Volume License, not OEM), will create a couple of partitions, but when booting with a KBE you should see C and S, if you only see C, you will need to go to Recovery Options on the KBE, open CMD, DISKPART and assign the letter S to the only FAT32 partition there.
--This is only for UEFI Imaging--
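
The answer above asks whether more than one DHCP server is answering on the subnet. As an added example (not from this thread and not Quest/KACE code), this Python block parses captured DHCP replies and groups the offers by server identifier (option 54), so a second or unexpected responder and the boot file each one hands out become visible. The function names are hypothetical, and the 192.0.2.x addresses and boot file name are constructed sample data.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def parse_reply(pkt: bytes) -> dict:
    """Extract message type, server id (option 54), next-server and boot file."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:          # 255 = end option
        if pkt[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    # Option 67 (bootfile name) takes precedence over the fixed 'file' field.
    boot = opts.get(67) or pkt[108:236].split(b"\x00", 1)[0]
    sid = opts.get(54, b"")
    return {
        "type": (opts.get(53) or b"\x00")[0],
        "server": socket.inet_ntoa(sid) if len(sid) == 4 else None,
        "next_server": socket.inet_ntoa(pkt[20:24]),
        "boot_file": boot.rstrip(b"\x00").decode("ascii", "replace"),
    }

def offers_by_server(packets) -> dict:
    """Map each answering DHCP server to the (next-server, boot file) pairs it offered."""
    seen = {}
    for pkt in packets:
        r = parse_reply(pkt)
        if r["type"] == 2 and r["server"]:         # 2 = DHCPOFFER
            seen.setdefault(r["server"], set()).add((r["next_server"], r["boot_file"]))
    return seen

def build_offer(server: str, next_server: str, boot_file: str) -> bytes:
    """Construct a minimal DHCPOFFER; used only to make sample data for this example."""
    hdr = bytearray(236)
    hdr[0] = 2                                     # op = BOOTREPLY
    hdr[20:24] = socket.inet_aton(next_server)     # siaddr (next-server)
    name = boot_file.encode("ascii")
    hdr[108:108 + len(name)] = name                # fixed 'file' field
    return bytes(hdr) + MAGIC + b"\x35\x01\x02\x36\x04" + socket.inet_aton(server) + b"\xff"

# Constructed sample: two servers answer on one subnet; only one supplies PXE data.
SAMPLE = [build_offer("192.0.2.10", "192.0.2.10", "example-uefi.efi"),
          build_offer("192.0.2.53", "0.0.0.0", "")]

if __name__ == "__main__":
    for server, offers in offers_by_server(SAMPLE).items():
        print(server, sorted(offers))
```

More than one key in the result means several DHCP servers answered the same client; an offer with an empty boot file and a next-server of 0.0.0.0 carries no PXE information.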

Comments:
  • Unfortunately, I keep getting this error, no matter if I'm trying to PXE or iPXE boot, either on our production network or the K2 vlan.

    2018-01-24 10:57:12-0500 [info] (128.91.85.205:49674) Received connection.
    2018-01-24 10:57:12-0500 [info] (128.91.85.205:49674) Capturing image '48'
    2018-01-24 10:57:13-0500 [client] Completed successfully
    2018-01-24 10:57:13-0500 [error] Connection closed by remote while reading 1 bytes from network.
    2018-01-24 10:57:13-0500 [info] (128.91.85.205:49674) Client disconnected. - rskwire 6 years ago
    • Are you capturing across a WAN? or MAN?
      If yes, make sure you are using RSAs, it is not good to capture images to Kboxes in different cities or states.


      Make sure all ports are open between the computer and the K2.
      see:
      https://support.quest.com/kace-systems-deployment-appliance/kb/129799

      Might be environmental but you could also open a case with support to see if they find something else. - Channeler 6 years ago
      • For troubleshooting, my sysadmin made the connection between our primary network and the K2 on our VLAN completely wide open - there is nothing in between. - rskwire 6 years ago
      • It's a WAN.
        We do have an RSA at a remote location, and it also worked as of last year. The connection between the two sites, as indicated in our K2, is good. Still linked properly. - rskwire 6 years ago
  • Production network has its own DHCP. This is what we use for deployment.
    K200 vlan uses Kace DHCP, as that VLAN doesn't have its own DHCP server.

    I've now tried with a 9010 AIO and a 3020 desktop.

    I've created images in both Legacy and UEFI.
    I've tried booting both to production and to vlan.
    I've tried booting both images as the opposite boot option. (Legacy image as UEFI boot, and vice-versa)

    Nothing. - rskwire 6 years ago
 